formbook | bedd545eb1a6b4de080020f5520fdef0fbebffba777b9c952ffa8b71fb9ba896 | Triage

Resubmissions

10-10-2022 14:17

221010-rlzsraccfk 10

10-10-2022 13:17

221010-qjgzgsbhd6 10

27-09-2022 20:10

220927-yxvfqseda9 10

Sharing

General

Target

852289dea9e7ab79e1d224cc883cb2f3
Size

550KB
Sample

221010-qjgzgsbhd6
MD5

852289dea9e7ab79e1d224cc883cb2f3
SHA1

ecf9ddac34b8b38eabbef97f567765092dd93468
SHA256

bedd545eb1a6b4de080020f5520fdef0fbebffba777b9c952ffa8b71fb9ba896
SHA512

7d7714be6bf0b5b192286b332cb0e29f72cafdff11eb37b7390d2b08d3e916d483b97467ca2f162954a6e522049fd9645654b84b4a20194c9459ae79fb175e07
SSDEEP

12288:znnYLlLYhv53Bxj9PHL4y5TZtq/s88lVBjhmfs:LYLlMv53BxhPr42ZZ8gV9hmfs

Score

10^/10

formbook nrln rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Campaign

nrln

Decoy

IG7zJSm49UqTTuu/N/oTCIg=

CVLdAPgw0CRSMuZnRRU=

PiA5Z3umP2NyX81VGQhjWyS59nFYhXiG

5i6p4GeQqtBgNRfGNQ==

5984keYswxh8mGZHz4ipAHtQ

VNJaK4Gh0CrOvHpW/p353A==

71rEtrL2icToyKGhcWrTxjsFU5T98zeO

r3q1sy1iZaL+2XIUAob7yw==

9+83Qkrk/vV/jVXsDvoTCIg=

aMFAgYF1prov8/UErH/Y1A==

Alqtx/0rxwEbCLdudftl

ImCbnglBSUHF0mv2tTSP40bPeYao

s4DFNvAJ4GIJ+g==

phOa6mtS8QQICuZnRRU=

7TSu5vqRtB45EZtf4WDSTBHPeYao

ImPWqwUUIVWMQLyMbUab7tmspvNCcT8=

HF7jKjbGox2SAffTPw==

yAM3mOQot5l+cD0ikR5MGp8=

UYzW0/8z70JcQenVLidu1kLPeYao

OoCznp5UWz+hT9OBFXbfVhXPeYao

Targets

- Target
  
  PO MATADOR_5D6EC - Q7100625010,pdf.exe
- Size
  
  295KB
- MD5
  
  acd2efc1047230b3fbbcb3349b875e69
- SHA1
  
  0b537f86fc9bac1ab7a8c15d0931f6ec4a27434c
- SHA256
  
  5313012047344a16ce9ba4a01f43d0bb4330b86a5d80039e6830eb2b1f5323d1
- SHA512
  
  122b28f77cac12900f420904eec899cb602da21133a37016741c39e54836f2d23a2c2333d507c9becb9ac0da8bcab69ec36d1a89039feef9c70f96ae678d8d0c
- SSDEEP
  
  6144:L5zvytmDRQDh674uJtGKor0eTFlZt6Ej:Fz6ARsh239or/FlO
Score

10^/10

formbook nrln rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbooknrlnratspywarestealertrojan